CN111144771A - Method and device for determining wind evaluation strategy and computer storage medium - Google Patents

Method and device for determining wind evaluation strategy and computer storage medium Download PDF

Info

Publication number
CN111144771A
CN111144771A CN201911388661.5A CN201911388661A CN111144771A CN 111144771 A CN111144771 A CN 111144771A CN 201911388661 A CN201911388661 A CN 201911388661A CN 111144771 A CN111144771 A CN 111144771A
Authority
CN
China
Prior art keywords
rule
event
policy
risk
wind
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911388661.5A
Other languages
Chinese (zh)
Inventor
王征
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Missfresh Ecommerce Co Ltd
Original Assignee
Beijing Missfresh Ecommerce Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Missfresh Ecommerce Co Ltd filed Critical Beijing Missfresh Ecommerce Co Ltd
Priority to CN201911388661.5A priority Critical patent/CN111144771A/en
Publication of CN111144771A publication Critical patent/CN111144771A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • G06F16/24564Applying rules; Deductive queries

Abstract

The application discloses a method and a device for determining a wind evaluation strategy and a computer storage medium, and belongs to the technical field of internet. The method comprises the following steps: acquiring one or more rule identifications according to the event identification of the first event to be evaluated; acquiring one or more rules in one-to-one correspondence with one or more rule identifications; a first wind evaluation policy for risk evaluation of the first event is generated according to one or more rules. According to the method and the device, the wind evaluation strategy is dynamically generated through a plurality of rules instead of generating the whole wind evaluation strategy in advance, so that only one rule can be adjusted subsequently to realize the adjustment of the finally generated wind evaluation strategy, the whole wind evaluation strategy is prevented from being modified from the beginning, and the labor cost and the time cost generated by modifying the wind evaluation strategy are greatly reduced.

Description

Method and device for determining wind evaluation strategy and computer storage medium
Technical Field
The present application relates to the field of internet technologies, and in particular, to a method and an apparatus for determining a wind comment policy, and a computer storage medium.
Background
In order to improve the transaction security on the e-commerce platform, when a user triggers events such as login, transaction or payment on any e-commerce platform, the e-commerce platform needs to perform risk assessment on the events according to a wind assessment strategy, so that certain measures can be taken subsequently according to the assessed risk. Wherein the wind evaluation strategy is used for indicating a corresponding strategy for risk assessment.
In the related art, for a certain event, the wind evaluation strategy is determined in advance, and then the whole wind evaluation strategy is packaged in a static file. And when the risk assessment is needed to be carried out on the event subsequently, acquiring the wind assessment strategy from the static file. However, if the wind evaluation strategy needs to be adjusted, the whole static file needs to be modified again, and the labor cost and the time cost are high.
Disclosure of Invention
The embodiment of the application provides a method and a device for determining a wind evaluation strategy and a computer storage medium, which can reduce the labor cost and the time cost generated by modifying the wind evaluation strategy. The technical scheme is as follows:
in one aspect, a method of determining a wind rating policy is provided, the method comprising:
acquiring one or more rule identifications according to an event identification of a first event to be evaluated, wherein each rule identification is used for indicating a rule, and the rule is used for judging whether the first event is a risk event;
acquiring one or more rules in one-to-one correspondence with the one or more rule identifications;
generating a first wind evaluation strategy for risk evaluation of the first event according to the one or more rules, wherein the first wind evaluation strategy comprises the one or more rules and a risk benchmark score of each rule, and the risk benchmark score of each rule is used for indicating the risk magnitude of the first event when the first event meets the corresponding rule.
Optionally, the obtaining one or more rules in one-to-one correspondence with the one or more rule identifiers includes:
for any rule identifier in the one or more rule identifiers, acquiring one or more condition identifiers corresponding to the rule identifier from a first mapping relation according to the rule identifier, wherein the first mapping relation comprises a plurality of rule identifiers and one or more condition identifiers corresponding to each rule identifier;
acquiring one or more conditions according to the one or more condition identifications;
and generating a rule corresponding to the rule identification according to the one or more conditions.
Optionally, the generating a first evaluation policy for risk evaluation of the first event according to the one or more rules includes:
determining a risk benchmark score of each rule in the plurality of rules, wherein the risk benchmark score of each rule is used for indicating the magnitude of the risk corresponding to the corresponding rule;
generating the first wind rating policy according to a risk benchmark score of each of the one or more rules.
Optionally, the generating the first rating policy according to the risk benchmark score of each rule of the one or more rules includes:
determining a gray value of each rule, wherein the gray value of each rule is used for indicating the probability that the first event needs to be risk-evaluated according to the corresponding rule when the first event meets the corresponding rule;
and generating the first wind rating strategy according to the risk benchmark score of each rule in the one or more rules and the gray value of each rule.
Optionally, the obtaining one or more rule identifiers according to the event identifier of the first event to be evaluated includes:
acquiring a first policy identifier corresponding to an event identifier of the first event from a second mapping relation, wherein the first policy identifier is used for indicating the first wind rating policy, and the second mapping relation comprises a plurality of event identifiers and a plurality of policy identifiers in one-to-one correspondence with the event identifiers;
and acquiring one or more rule identifications corresponding to the first policy identification from a third mapping relation according to the first policy identification, wherein the third mapping relation comprises a plurality of policy identifications and one or more rule identifications corresponding to each policy identification.
Optionally, the method further includes:
acquiring a strategy modification request, wherein the strategy modification request carries a strategy identifier used for indicating a second wind evaluation strategy, and the second wind evaluation strategy is a wind evaluation strategy configured before the current time;
acquiring one or more rules included in the second evaluation strategy according to the strategy identification carried in the strategy modification request;
when a modification request for a first rule of the one or more rules included in the second rating policy is detected, modifying the first rule, wherein the first rule is one of the one or more rules included in the second rating policy;
replacing the first rule with a modified rule.
In another aspect, an apparatus for determining a wind rating policy is provided, the apparatus comprising:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring one or more rule identifications according to an event identification of a first event to be evaluated, each rule identification is used for indicating a rule, and the rule is used for judging whether the first event is a risk event;
the second acquisition module is used for acquiring one or more rules which are in one-to-one correspondence with the one or more rule identifications;
the generating module is used for generating a first wind evaluation strategy for carrying out risk evaluation on the first event according to the one or more rules, the first wind evaluation strategy comprises the one or more rules and a risk benchmark score of each rule, and the risk benchmark score of each rule is used for indicating the risk magnitude of the first event when the first event meets the corresponding rule.
Optionally, the second obtaining module includes:
a first obtaining sub-module, configured to, for any rule identifier of the one or more rule identifiers, obtain, according to the rule identifier, one or more condition identifiers corresponding to the rule identifier from a first mapping relationship, where the first mapping relationship includes the multiple rule identifiers and the one or more condition identifiers corresponding to each rule identifier;
the second obtaining submodule is used for obtaining one or more conditions according to the one or more condition identifications;
and the first generation submodule is used for generating a rule corresponding to the rule identification according to the one or more conditions.
Optionally, the generating module includes:
a determining submodule, configured to determine a risk benchmark score for each rule of the plurality of rules, where the risk benchmark score for each rule is used to indicate a magnitude of risk corresponding to the corresponding rule;
and the second generation submodule is used for generating the first wind evaluation strategy according to the risk benchmark score of each rule in the one or more rules.
Optionally, the generating sub-module includes:
the determining unit is used for determining a gray value of each rule, and the gray value of each rule is used for indicating the probability that the first event needs to be subjected to risk assessment according to the corresponding rule when the first event meets the corresponding rule;
and the generating unit is used for generating the first wind evaluation strategy according to the risk benchmark score of each rule in the one or more rules and the gray value of each rule.
Optionally, the first obtaining module includes:
a third obtaining sub-module, configured to obtain a first policy identifier corresponding to an event identifier of the first event from a second mapping relationship, where the first policy identifier is used to indicate the first rating policy, and the second mapping relationship includes a plurality of event identifiers and a plurality of policy identifiers corresponding to the event identifiers one to one;
and the fourth obtaining submodule is used for obtaining one or more rule identifications corresponding to the first policy identification from a third mapping relation according to the first policy identification, wherein the third mapping relation comprises a plurality of policy identifications and one or more rule identifications corresponding to each policy identification.
Optionally, the apparatus further comprises:
a third obtaining module, configured to obtain a policy modification request, where the policy modification request carries a policy identifier for indicating a second wind evaluation policy, and the second wind evaluation policy is a wind evaluation policy configured before a current time;
a fourth obtaining module, configured to obtain, according to the policy identifier carried in the policy modification request, one or more rules included in the second wind comment policy;
a modification module, configured to modify a first rule of the one or more rules included in the second wind rating policy when a modification request for the first rule is detected, where the first rule is one of the one or more rules included in the second wind rating policy;
a replacement module to replace the first rule with a modified rule.
In another aspect, an apparatus for determining a wind evaluation policy is provided, which includes a processor, a communication interface, a memory and a communication bus;
the processor, the communication interface and the memory complete mutual communication through the communication bus;
the memory is used for storing computer programs;
the processor is used for executing the program stored on the memory so as to realize the method for determining the wind comment strategy.
In another aspect, a computer-readable storage medium is provided, having stored therein a computer program which, when being executed by a processor, carries out the steps of the method of determining a wind rating policy as previously provided.
The beneficial effects brought by the technical scheme provided by the embodiment of the application at least comprise:
acquiring one or more rule identifications according to the event identification of the first event to be evaluated; acquiring one or more rules in one-to-one correspondence with one or more rule identifications; a first wind evaluation policy for risk evaluation of the first event is generated according to one or more rules. According to the method and the device, the wind evaluation strategy is dynamically generated through a plurality of rules instead of generating the whole wind evaluation strategy in advance, so that only one rule can be adjusted subsequently to realize the adjustment of the finally generated wind evaluation strategy, the whole wind evaluation strategy is prevented from being modified from the beginning, and the labor cost and the time cost generated by modifying the wind evaluation strategy are greatly reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a system architecture diagram for determining a wind rating policy provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of a configuration relationship of a wind rating policy provided in an embodiment of the present application;
fig. 3 is a schematic structural diagram of a spanning tree + index library provided in an embodiment of the present application;
FIG. 4 is a flowchart of a method for determining a wind rating policy provided by an embodiment of the present application;
FIG. 5 is a flow chart of a method for implementing a wind rating policy provided by an embodiment of the present application;
fig. 6 is a schematic structural diagram of an apparatus for determining a wind rating policy provided in an embodiment of the present application;
fig. 7 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Before explaining the method for determining the criticizing strategy provided by the embodiment of the present application in detail, the application scenario related to the embodiment of the present application is introduced.
In order to improve the transaction security on the e-commerce platform, the potential risks of the user in logging, transaction or payment and other events triggered on the e-commerce platform need to be monitored in time, so that the e-commerce platform configures different evaluation strategies for different events, and risk assessment is performed on the corresponding events according to the different evaluation strategies. For example, when the event is a transaction event, the configured wind evaluation policy is that if the number of transactions in a week is greater than a preset value, the transaction event is determined to be a transaction event with a higher risk coefficient. If the e-commerce platform monitors that the transaction frequency of a certain user in a short period is greater than a preset value, the transaction event triggered by the user is a transaction event with a higher risk coefficient, and certain measures need to be taken, such as limiting the transaction frequency of the current user, so as to guarantee the safety of the current e-commerce platform.
Fig. 1 is a system architecture for determining a wind evaluation policy provided by an embodiment of the present application. As shown in fig. 1, the system 100 includes a user terminal 101 and a server 102. The user terminal 101 and the server 102 are connected in a wireless or wired manner for communication. The user side 101 is installed with an application corresponding to the e-commerce platform, and the server 102 is the e-commerce platform.
The user 101 may trigger events such as login, transaction or payment based on preset operations of the user, and send an event rating request to the server 102. After receiving the event wind evaluation request, the server can determine a wind evaluation strategy corresponding to the event according to the event identifier carried in the event wind evaluation request, determine a risk score of the current event according to the wind evaluation strategy, further determine an execution decision according to the risk score, and return the execution decision to the user side. And the user side determines whether to execute the event according to the received execution decision. The specific implementation of the server determining the rating policy will be described in detail in the following embodiments, and the description is not necessarily repeated here.
Wherein the server needs to configure different rating policies based on different events. When the user side triggers an event, the server executes the evaluation strategy to detect whether the event has certain potential risks.
In order to enable a server to dynamically generate a rating policy corresponding to any event, so that a subsequent server can flexibly modify the rating policy, as shown in fig. 2, in the method for determining a rating policy provided in the embodiment of the present application, any event corresponds to a rating policy, that is, the events and the policies are configured according to a 1:1 relationship. A policy typically includes a plurality of rules, i.e., the policy and the rules are arranged in a manner of 1: the mode of N is configured. A rule typically contains multiple conditions/condition sets, i.e., rules and conditions are configured according to a 1: N relationship. The condition group indicates a specific condition in which a plurality of conditions are combined in a logical operation relationship. Therefore, the rules can be generated by combining a plurality of conditions, and the wind evaluation strategy corresponding to any event can be generated by combining a plurality of rules. So as to realize the dynamic generation of the wind evaluation strategy.
Wherein the rules are used to indicate the basis of the decision logic. In particular, rules and conditions correspond to the relationship of "department" and "individual", i.e., a rule contains one or more conditions. The condition is used to determine whether the specified attribute of any event satisfies the corresponding target specified attribute. And, the general condition is that the combination of the index, the operator and the constant is obtained. For example, combining the index "the number of orders of the user in the past week", the operator ">" and the constant "100", the combination is conditioned as follows: "the number of orders by the user in the past week is > 100". The index is used to indicate a combined processing of the fields, for example the index may be: "number of orders of user in past week". The fields are used to indicate attribute values of the user, such as user information, address information, order information, etc. of the user.
In addition, any condition included in any rule may be a condition group. The condition group is formed by combining a plurality of conditions according to a logical operation relationship. For example, the logical relationship is an AND relationship, indicating that the set of conditions is satisfied if any event satisfies all of the conditions within the set of conditions. The logical relationship is an "or" relationship, indicating that the set of conditions is satisfied if any event satisfies any condition within the set of conditions.
It can be known that the wind rating policies for organizing any event relate to different types of objects, that is, when any wind rating policy needs to be generated, the objects to be related are: rules, conditions, fields, metrics.
Further, to facilitate management of these objects, objects of different types are stored independently of one another. At this time, in order to facilitate the subsequent generation of the rating policy quickly and dynamically, the mapping relationship between the different objects and the storage location of each object need to be configured in advance. The mapping relationship between different objects may be configured in a spanning tree (tree) manner as shown in fig. 3, and the storage location of each object may be represented by an index library (map) as shown in fig. 3.
As shown in fig. 3, the spanning tree includes a plurality of object tables and a mapping relationship between the plurality of object tables. Taking fig. 3 as an example, the spanning tree includes three types of object tables, i.e., an event table, a rule table, and a condition table. And sets the mapping relationship between the three object tables. Specifically, for any e-commerce platform application, an event table is configured for the e-commerce platform application, and the event table includes a plurality of event identifications and a plurality of events corresponding to the event identifications one to one. And configuring a rule table for any event of the event table, wherein the rule table comprises a plurality of rule identifications and a plurality of rules in one-to-one correspondence with the rule identifications. And configuring a condition table for any rule of the rule object table, wherein the condition table comprises a plurality of condition identifications and a plurality of conditions in one-to-one correspondence with the condition identifications. The implementation manner for constructing the spanning tree is not limited to the above-mentioned one, and other implementation manners are not illustrated one by one here.
As shown in fig. 3, the index library includes a plurality of index tables, and the plurality of index tables include: event index table, rule index table, condition index table, index table and field index table. The event index table is used for storing a plurality of event identifications and positions of a plurality of events indicated by the event identifications in a memory. The rule index table is used for storing a plurality of rule identifications and positions of a plurality of rules indicated by the rule identifications in a memory. The condition index table is used for storing a plurality of condition identifiers and positions of a plurality of conditions indicated by the condition identifiers in the memory. The index table is used for storing a plurality of index identifications and positions of a plurality of indexes indicated by the index identifications in the memory. The field index table is used for storing a plurality of field identifications and the positions of the fields indicated by the field identifications in the memory.
It should be noted that, if the target object is found through the index library and is changed, the target object in the spanning tree is also changed, that is, the evaluation policy based on the target object in the spanning tree is changed. Therefore, the purpose of modifying the wind evaluation strategy corresponding to any event more flexibly can be achieved through the index library.
In addition, in this embodiment of the application, the user terminal 101 may be a tablet computer, a desktop computer, a mobile phone, and the like, and the server 102 may be an e-commerce platform, and may also be a server or a server cluster used in this embodiment of the application for determining a rating policy, which is not limited in this embodiment of the application.
The above description is given by taking a method for a server to execute a wind rating policy determination provided in the embodiments of the present application as an example. Optionally, the method for determining the wind evaluation policy provided in the embodiment of the present application may also be applied to a user side, and this is not specifically limited in the embodiment of the present application.
The method for determining the wind evaluation strategy provided in the embodiments of the present application will be explained in detail below.
Fig. 4 is a flowchart of a method for determining a rating policy, which is applied to a server according to an embodiment of the present application. Referring to fig. 4, the method includes the following steps.
Step 401: the server obtains one or more rule identifications according to the event identification of the first event to be evaluated, wherein each rule identification is used for indicating one rule.
When the server receives an event wind evaluation request of a first event sent by the user side based on preset operation of the user, the server can determine a wind evaluation strategy corresponding to the first event through steps 401 to 403. The first event is used for indicating any event triggered by the user side based on preset operation of the user. The event may be any of a transaction event, a payment event, or a login event.
In one possible implementation manner, the possible implementation procedures of step 401 are: acquiring a first strategy identifier corresponding to the event identifier of the first event from the second mapping relation; and acquiring one or more rule identifications corresponding to the first strategy identification from the third mapping relation according to the first strategy identification.
The second mapping relation and the third mapping relation are constructed by the server based on the spanning tree, and the second mapping relation comprises a plurality of event identifications and a plurality of strategy identifications which are in one-to-one correspondence with each event identification in the plurality of event identifications. The third mapping relationship includes a plurality of policy identifiers and one or more rule identifiers in one-to-one correspondence with each of the plurality of policy identifiers. Wherein the first policy identification is used for indicating a first rating policy.
For example, the second mapping relationship and the third mapping relationship constructed by the server are as follows:
second mapping relation
Event identification Policy identification
1 01
2 02
…… ……
N 0N
Third mapping relation
Policy identification Rule identification
01 001、002
02 003
…… ……
0N …、00X
For example, the server obtains an event identifier of a first event, where the event identifier is 1, obtains a first policy identifier 01 corresponding to the event identifier 1 from the second mapping relationship, and obtains one or more rule identifiers corresponding to the first policy identifier 01 from the third mapping relationship according to the first policy identifier 01, where the rule identifiers are {001, 002}
In another possible implementation manner, a possible implementation procedure of step 401 is: and the server directly acquires one or more rule identifications corresponding to the first event according to the event identification of the first event and the mapping relation between the event identification and the rule identification in the spanning tree.
For example, when a first event is an order event, the server receives an order generation request sent by the user end based on a preset operation of the current user, where the order generation request carries an event identifier of the order generation event, the event identifier may be 1, the server obtains, according to the event identifier 1 of the first event, one or more rule identifiers corresponding to the event identifier 1 from a mapping relationship between the event identifier and the rule identifier, and the rule identifier may be {001, 002}
Step 402: the server acquires one or more rules in one-to-one correspondence with the one or more rule identifications.
In one possible implementation manner, the possible implementation procedures of step 402 are: and the server directly acquires one or more rules in one-to-one correspondence with one or more rule identifications according to the index database.
In another possible implementation manner, each rule includes one or more conditions, and each condition is used for judging whether the first attribute of the first event meets the target attribute configured in the corresponding condition. The first attribute is any attribute in the first event. In this manner, step 402 can be realized by steps (1) to (3).
Step (1): and for any rule identifier in the one or more rule identifiers, acquiring one or more condition identifiers corresponding to the rule identifier from the first mapping relation according to the rule identifier.
The server constructs a first mapping relation based on the spanning tree, wherein the first mapping relation comprises a plurality of rule identifications and one or more condition identifications corresponding to each rule identification.
In one possible implementation manner, the possible implementation procedures of step (1) are: according to the plurality of rule identifiers and the first mapping relationship determined in step 201, one or condition identifier corresponding to each rule identifier in the plurality of rule identifiers is determined.
For example, the first mapping relationship constructed by the server is as follows:
first mapping relation
Rule identification Condition identification
001 0001、
002 0002、0003
….. ……..
00N ……、000X
And the server determines the condition identifiers corresponding to the rule identifiers one to one according to the rule identifiers {001, 002} corresponding to the first event. The condition label corresponding to rule 001 is {0001}, and the condition label corresponding to rule 002 is {0002, 0003 }.
Step (2): the server acquires one or more conditions according to the one or more condition identifications.
In a possible implementation manner, the possible implementation procedures of step (2) are: according to the constructed index library, the positions of one or more conditions indicated by one or more condition identifications in a memory are determined from the one or more condition identifications, and then one or more conditions in one-to-one correspondence with the one or more condition identifications are determined.
For example, the server determines, according to the constructed index library, one or more conditions that correspond to the one or more condition identifiers one to one as follows: { condition 0001: the registered mobile phone number starts with 139), { condition 0002: the number of sheets in the past week was greater than 100 sheets }, { condition 0003: the lower order address is equivalent to the registration address }.
It should be noted that all conditions may be abstracted as a triple model of field + operator + constant, where the operator may be an operator in an algorithm tool set such as a four-way operation tool set, an IP algorithm tool set, a mobile phone number algorithm tool set, and the like. For example, the condition "the registry number starts with 139" may be abstracted as a combination of the first three digits in the field "registry number + the set of algorithm tools" + constant "139".
In addition, a plurality of conditions may be combined to obtain a plurality of condition groups. It should be noted that the conditions and the condition groups belong to the same level concept and are all included in the rule, that is, the rule may include one or more conditions, may also include one or more condition groups, and may also include one or more conditions and one or more condition groups, respectively. The condition group is obtained by combining one or more conditions, for example, the conditions may be combined according to an and operation to obtain a condition group, that is, the condition group is satisfied when the current event needs to satisfy the conditions at the same time. Or, a condition group may be obtained by combining according to an or operation, that is, the condition group may be satisfied only by any one of the conditions that is satisfied by the current event.
And (3): the server generates a rule corresponding to the rule identification according to one or more conditions.
In a possible implementation manner, the possible implementation procedures of step (3) are: a logical operational relationship for one or more conditions is determined. The logical operational relationship is used to indicate how the one or more conditions are combined to determine whether an event is a risk event. The rule can be obtained by combining the one or more conditions according to the logical operation relationship.
The logical operation relationship includes an and relationship and/or an or relationship.
How to generate the rule by the logical operation relationship is illustrated below with these one or more conditions as condition 1, condition 2, and condition 3, respectively.
Alternatively, the conditions 1, 2, and 3 may be combined in the or relationship. Thus, a rule is derived based on these three conditions. That is, the rule is: if the current event satisfies any of condition 1, condition 2, or condition 3, it indicates that the current event hits the rule.
Alternatively, the conditions 1, 2, and 3 are combined in the and relationship. Thus, a rule is derived based on these three conditions. That is, the rule is: if the current event satisfies condition 1, condition 2, or condition 3 at the same time, it indicates that the current event hits the rule.
Optionally, after the condition 1 and the condition 2 are combined according to the and relationship, the or relationship and the condition 3 are combined to obtain a rule. That is, the rule is: if the current event satisfies both condition 1 and condition 2 or the current event satisfies only condition 3, it indicates that the current event hits the rule.
The conditions in the embodiment of the present application may be directly obtained by the server in the data center, or may be temporarily generated. For example, since conditions are generated from a combination of metrics, constants, and operators, metrics are generated from fields. The fields, indexes, constants and operators required by the condition to be generated can be determined temporarily, and the currently required condition can be combined.
The generation manner of the condition is not limited to the above two implementation manners, and is not described in detail herein.
Step 403: the server generates a first wind evaluation policy for risk evaluation of the first event according to one or more rules.
After determining the one or more rules corresponding to the first event according to the step 402, the server further needs to determine a first evaluation policy corresponding to the first event according to the one or more rules, so as to perform risk evaluation on the first event directly according to the evaluation policy corresponding to the first event.
In one possible implementation manner, the possible implementation procedures of step 403 are: a risk benchmark score is determined for each of the plurality of rules. A first wind scoring policy is generated based on the risk benchmark score for each of the one or more rules.
Wherein the risk benchmark score for each rule is used to indicate a risk size of the first event when the first event satisfies the respective rule.
For example, the rules determined in step 402 are rule 1 and rule 2, respectively. Wherein, the risk benchmark score corresponding to the rule 1 is 60. Rule 2 corresponds to a risk benchmark score of 40. As such, a first wind rating policy is generated based on the risk benchmark scores of rule 1 and rule 2. That is, when the current user only hits rule 1, the user determines that the risk score is 60 according to the first wind evaluation policy. When the current user only hits the rule 2, the user determines that the risk score is 40 according to the first wind evaluation strategy. When the current user hits the rule 1 and the rule 2 at the same time, the user determines that the risk score is 100 according to the first wind evaluation strategy. And when the current user does not hit the rule 1 or the rule 2, the user determines that the risk score is 0 according to the first wind evaluation strategy.
Further, in order to avoid that the reputation policy is easily attacked by hackers, in another possible implementation manner, the possible implementation process of step 403 is: a risk benchmark score for each rule of the plurality of rules and a gray value for each rule are determined. And generating a first wind evaluation strategy according to the risk benchmark score of each rule in the one or more rules and the gray value of each rule.
Wherein the grey value of each rule is used to indicate a probability value that the first event needs to be risk-assessed according to the respective rule when the first event satisfies the respective rule. The gray value may be set by default by the server. That is, for any rule, when a certain event hits the rule, the server may determine, according to the magnitude relationship between the gray value corresponding to the rule and the reference probability, whether to consider the risk benchmark score corresponding to the rule when performing risk assessment on the first event according to the first wind assessment policy.
It should be noted that the server generates a reference probability value in advance. For any rule, if the reference probability is greater than the gray value of the rule, when the risk assessment is performed on the first event according to the first wind assessment strategy, the risk benchmark score corresponding to the rule is considered, that is, the risk benchmark score corresponding to the rule is still the original risk benchmark score of the rule at the moment. If the reference probability is larger than the gray value of the rule, the risk benchmark score of the rule is not considered when the risk evaluation is carried out on the first event according to the first wind evaluation strategy, namely the corresponding risk benchmark score of the rule is 0 at the moment. Wherein the reference probability value is a random probability value of 0% to 100%.
For example, it is determined that the current user hit both rule 1 and rule 2. Rule 1 corresponds to a risk benchmark score of 60 with a gray value of 50%. Rule 2 corresponds to a risk benchmark score of 40 and a gray value of 40%. In this way, the first wind rating policy is generated according to the risk benchmark score and the gray value of rule 1 and the risk benchmark score gray value of rule 2. Assume that the reference probability is 45%. For rule 1, since the gray value of rule 1 is 50%, which is greater than the reference probability, the benchmark risk score of rule 1 is 60. For rule 2, since the gray value of rule 2 is 40%, which is smaller than the reference probability, the risk benchmark score of rule 2 is 0. That is, the risk benchmark score of rule 1 and the risk benchmark score of rule 2 are integrated, and it is determined that the risk score of the first wind score is 60 when the risk assessment is performed on the first event according to the first wind score strategy.
To further illustrate the method for determining the wind rating policy provided in the embodiments of the present application, the method is further illustrated by a flowchart shown in fig. 5. As shown in fig. 5, first, the server receives an event comment request, obtains an event identifier of the event, finds an attribute value corresponding to the event identifier in a context established by the service layer, and determines a policy identifier corresponding to the event one to one according to the event identifier and the second mapping relationship. And determining a plurality of rules corresponding to the strategy identification according to the strategy identification. And calling a rule execution engine to determine rules which can be hit by the current user in the plurality of rules, calculating a risk score according to the rules which can be hit by the current user, and returning the risk score to a service layer of the server. The server determines an execution decision based on the risk score. And sending the execution decision to the user side, and determining whether to continue executing the event or not by the user side according to the execution decision. The risk score is used for representing a result of evaluating the risk coefficient of the first event according to the wind evaluation strategy corresponding to the first event.
In addition, after the server configures the wind evaluation policy for the first event according to the above process, in a possible scenario, in order to meet a new risk control requirement, the server needs to modify the set wind evaluation policy.
One possible process of modifying the wind comment strategy is: and acquiring a strategy modification request, wherein the strategy modification request carries a strategy identifier used for indicating the second evaluation strategy, and acquiring one or more rules included in the second evaluation strategy according to the strategy identifier carried in the strategy modification request. When a modification request for a first rule of the one or more rules included in the second rating policy is detected, modifying the first rule, wherein the first rule is one of the one or more rules included in the second rating policy. The first rule is replaced with the modified rule. Wherein the second wind evaluation strategy is a wind evaluation strategy configured before the current time.
For example, the server obtains a policy modification request, where the policy modification request carries an identifier 01 of a second evaluation policy, where the second evaluation policy includes a rule 1 and a rule 2, and detects the rule modification request, where the rule modification request is used to indicate that the rule 1 is modified, and then determines, directly through an index library provided in the embodiment of the present application, a position of a rule corresponding to the rule 1 in a memory, and modifies the rule 1, and then the modified rule is updated to a "spanning tree" synchronously to form a new evaluation policy.
In the embodiment of the application, one or more rule identifications are obtained according to the event identification of a first event to be evaluated; acquiring one or more rules in one-to-one correspondence with one or more rule identifications; a first wind evaluation policy for risk evaluation of the first event is generated according to one or more rules. According to the method and the device, the wind evaluation strategy is dynamically generated through a plurality of rules instead of generating the whole wind evaluation strategy in advance, so that only one rule can be adjusted subsequently to realize the adjustment of the finally generated wind evaluation strategy, the whole wind evaluation strategy is prevented from being modified from the beginning, and the labor cost and the time cost generated by modifying the wind evaluation strategy are greatly reduced.
All the above optional technical solutions can be combined arbitrarily to form an optional embodiment of the present application, and the present application embodiment is not described in detail again.
Fig. 6 is a schematic structural diagram of an apparatus for determining a wind rating policy provided in an embodiment of the present application, where the apparatus for determining a wind rating policy may be implemented by software, hardware, or a combination of the two. The means for determining a wind rating policy may comprise:
a first obtaining module 601, configured to obtain one or more rule identifiers according to an event identifier of a first event to be evaluated, where each rule identifier is used to indicate a rule, and the rule is used to determine whether the first event is a risk event;
a second obtaining module 602, configured to obtain one or more rules in one-to-one correspondence with one or more rule identifiers;
the generating module 603 is configured to generate a first wind evaluation policy for risk evaluation of the first event according to one or more rules, where the first wind evaluation policy includes the one or more rules and a risk benchmark score of each rule, and the risk benchmark score of each rule is used to indicate a risk level of the first event when the first event satisfies the corresponding rule.
Optionally, the second obtaining module includes:
the first obtaining submodule is used for obtaining one or more condition identifications corresponding to the rule identifications from a first mapping relation according to the rule identifications for any one of the one or more rule identifications, and the first mapping relation comprises a plurality of rule identifications and one or more condition identifications corresponding to each rule identification;
the second obtaining submodule is used for obtaining one or more conditions according to the one or more condition identifications;
and the first generation submodule is used for generating the rule corresponding to the rule identification according to one or more conditions.
Optionally, the generating module includes:
the determining submodule is used for determining a risk benchmark score of each rule in the plurality of rules, and the risk benchmark score of each rule is used for indicating the magnitude of the risk corresponding to the corresponding rule;
and the second generation submodule is used for generating the first wind evaluation strategy according to the risk benchmark score of each rule in the one or more rules.
Optionally, the generating sub-module includes:
the determining unit is used for determining a gray value of each rule, and the gray value of each rule is used for indicating the probability that the first event needs to be subjected to risk assessment according to the corresponding rule when the first event meets the corresponding rule;
the generating unit is used for generating a first wind evaluation strategy according to the risk benchmark score of each rule in the one or more rules and the gray value of each rule.
Optionally, the first obtaining module includes:
the third obtaining submodule is used for obtaining a first strategy identifier corresponding to the event identifier of the first event from a second mapping relation, the first strategy identifier is used for indicating a first wind evaluation strategy, and the second mapping relation comprises a plurality of event identifiers and a plurality of strategy identifiers corresponding to the event identifiers one to one;
and the fourth obtaining submodule is used for obtaining one or more rule identifications corresponding to the first strategy identification from a third mapping relation according to the first strategy identification, and the third mapping relation comprises a plurality of strategy identifications and one or more rule identifications corresponding to each strategy identification.
Optionally, the apparatus further comprises:
the third obtaining module is used for obtaining a strategy modification request, the strategy modification request carries a strategy identifier used for indicating a second wind evaluation strategy, and the second wind evaluation strategy is a wind evaluation strategy configured before the current time;
the fourth obtaining module is used for obtaining one or more rules included in the second wind comment policy according to the policy identifier carried in the policy modification request;
the modification module is used for modifying a first rule in one or more rules included by the second evaluation policy when a modification request aiming at the first rule is detected;
a replacement module to replace the first rule with the modified rule.
In the embodiment of the present application, one or more rule identifiers are obtained according to an event identifier of a first event to be evaluated; acquiring one or more rules in one-to-one correspondence with one or more rule identifications; a first wind evaluation policy for risk evaluation of the first event is generated according to one or more rules. According to the method and the device, the wind evaluation strategy is dynamically generated through a plurality of rules instead of generating the whole wind evaluation strategy in advance, so that only one rule can be adjusted subsequently to realize the adjustment of the finally generated wind evaluation strategy, the whole wind evaluation strategy is prevented from being modified from the beginning, and the labor cost and the time cost generated by modifying the wind evaluation strategy are greatly reduced.
It should be noted that: when determining the wind evaluation policy, the device for determining the wind evaluation policy provided in the above embodiment is only illustrated by dividing the functional modules, and in practical application, the function distribution may be completed by different functional modules according to needs, that is, the internal structure of the equipment is divided into different functional modules, so as to complete all or part of the functions described above. In addition, the apparatus for determining the wind evaluation policy and the method for determining the wind evaluation policy provided by the above embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments, and are not described herein again.
Fig. 7 is a schematic structural diagram of a server of an apparatus for determining a wind rating policy according to an embodiment of the present application. The server may be a server in a cluster of background servers. Specifically, the method comprises the following steps:
the server 700 includes a Central Processing Unit (CPU)701, a system memory 704 including a Random Access Memory (RAM)702 and a Read Only Memory (ROM)703, and a system bus 705 connecting the system memory 704 and the central processing unit 701. The server 700 also includes a basic input/output system (I/O system) 706, which facilitates transfer of information between devices within the computer, and a mass storage device 707 for storing an operating system 713, application programs 714, and other program modules 715.
The basic input/output system 706 includes a display 708 for displaying information and an input device 709, such as a mouse, keyboard, etc., for a user to input information. Wherein the display 708 and the input device 709 are connected to the central processing unit 701 through an input output controller 710 connected to the system bus 705. The basic input/output system 706 may also include an input/output controller 710 for receiving and processing input from a number of other devices, such as a keyboard, mouse, or electronic stylus. Similarly, input-output controller 710 may also provide output to a display screen, a printer, or other type of output device.
The mass storage device 707 is connected to the central processing unit 701 through a mass storage controller (not shown) connected to the system bus 705. The mass storage device 707 and its associated computer-readable media provide non-volatile storage for the server 700. That is, the mass storage device 707 may include a computer-readable medium (not shown), such as a hard disk or CD-ROM drive.
Without loss of generality, computer readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes RAM, ROM, EPROM, EEPROM, flash memory or other solid state memory technology, CD-ROM, DVD, or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that computer storage media is not limited to the foregoing. The system memory 704 and mass storage device 707 described above may be collectively referred to as memory.
According to various embodiments of the present application, server 700 may also operate as a remote computer connected to a network via a network, such as the Internet. That is, the server 700 may be connected to the network 712 through a network interface unit 711 connected to the system bus 705, or the network interface unit 711 may be used to connect to other types of networks or remote computer systems (not shown).
The memory further includes one or more programs, and the one or more programs are stored in the memory and configured to be executed by the CPU. The one or more programs include instructions for performing the method of determining a wind rating policy provided by the embodiments of the present application as described below.
The embodiment of the application also provides a non-transitory computer readable storage medium, and when the instructions in the storage medium are executed by a processor of the server, the server is enabled to execute the method for determining the wind rating policy provided by the embodiment.
The embodiment of the present application further provides a computer program product containing instructions, which when run on a server, causes the server to execute the method for determining a wind rating policy provided by the above embodiment.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (10)

1. A method of determining a wind rating policy, the method comprising:
acquiring one or more rule identifications according to an event identification of a first event to be evaluated, wherein each rule identification is used for indicating a rule, and the rule is used for judging whether the first event is a risk event;
acquiring one or more rules in one-to-one correspondence with the one or more rule identifications;
generating a first wind evaluation strategy for risk evaluation of the first event according to the one or more rules, wherein the first wind evaluation strategy comprises the one or more rules and a risk benchmark score of each rule, and the risk benchmark score of each rule is used for indicating the risk magnitude of the first event when the first event meets the corresponding rule.
2. The method of claim 1, wherein each rule comprises one or more conditions, each condition is used for judging whether a first attribute of the first event meets a target first attribute configured in the corresponding condition, and the first attribute is any attribute in the first event;
the obtaining one or more rules corresponding to the one or more rule identifications one-to-one includes:
for any rule identifier in the one or more rule identifiers, acquiring one or more condition identifiers corresponding to the rule identifier from a first mapping relation according to the rule identifier, wherein the first mapping relation comprises a plurality of rule identifiers and one or more condition identifiers corresponding to each rule identifier;
acquiring one or more conditions according to the one or more condition identifications;
and generating a rule corresponding to the rule identification according to the one or more conditions.
3. The method of claim 1, wherein generating a first triage policy for risk assessment of the first event according to the one or more rules comprises:
determining a risk benchmark score of each rule in the plurality of rules, wherein the risk benchmark score of each rule is used for indicating the magnitude of the risk corresponding to the corresponding rule;
generating the first wind rating policy according to a risk benchmark score of each of the one or more rules.
4. The method of claim 3, wherein generating the first rating policy based on the risk benchmark score for each of the one or more rules comprises:
determining a gray value of each rule, wherein the gray value of each rule is used for indicating the probability that the first event needs to be risk-evaluated according to the corresponding rule when the first event meets the corresponding rule;
and generating the first wind evaluation strategy according to the risk benchmark score of each rule in the one or more rules and the gray value of each rule.
5. The method of claim 1, wherein obtaining one or more rule identifications from the event identification of the first event to be evaluated comprises:
acquiring a first policy identifier corresponding to an event identifier of the first event from a second mapping relation, wherein the first policy identifier is used for indicating the first wind rating policy, and the second mapping relation comprises a plurality of event identifiers and a plurality of policy identifiers in one-to-one correspondence with the event identifiers;
and acquiring one or more rule identifications corresponding to the first policy identification from a third mapping relation according to the first policy identification, wherein the third mapping relation comprises a plurality of policy identifications and one or more rule identifications corresponding to each policy identification.
6. The method of any of claims 1 to 5, further comprising:
acquiring a strategy modification request, wherein the strategy modification request carries a strategy identifier used for indicating a second wind evaluation strategy, and the second wind evaluation strategy is a wind evaluation strategy configured before the current time;
acquiring one or more rules included in the second evaluation strategy according to the strategy identification carried in the strategy modification request;
when a modification request for a first rule of the one or more rules included in the second rating policy is detected, modifying the first rule, wherein the first rule is one of the one or more rules included in the second rating policy;
replacing the first rule with a modified rule.
7. An apparatus for determining a wind rating policy, the apparatus comprising:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring one or more rule identifications according to an event identification of a first event to be evaluated, each rule identification is used for indicating a rule, and the rule is used for judging whether the first event is a risk event;
the second acquisition module is used for acquiring one or more rules which are in one-to-one correspondence with the one or more rule identifications;
the generating module is used for generating a first wind evaluation strategy for carrying out risk evaluation on the first event according to the one or more rules, the first wind evaluation strategy comprises the one or more rules and a risk benchmark score of each rule, and the risk benchmark score of each rule is used for indicating the risk magnitude of the first event when the first event meets the corresponding rule.
8. The apparatus of claim 7, wherein each rule comprises one or more conditions, each condition is used for determining whether a first attribute of the first event satisfies a target first attribute configured in the corresponding condition, and the first attribute is any attribute in the first event;
the second obtaining module includes:
a first obtaining sub-module, configured to, for any rule identifier of the one or more rule identifiers, obtain, according to the rule identifier, one or more condition identifiers corresponding to the rule identifier from a first mapping relationship, where the first mapping relationship includes the multiple rule identifiers and the one or more condition identifiers corresponding to each rule identifier;
the second obtaining submodule is used for obtaining one or more conditions according to the one or more condition identifications;
and the first generation submodule is used for generating a rule corresponding to the rule identification according to the one or more conditions.
9. An apparatus for determining a wind rating policy, the apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the steps of the method of any of the above claims 1 to 6.
10. A computer-readable storage medium having stored thereon instructions which, when executed by a processor, carry out the steps of the method of any of the preceding claims 1 to 6.
CN201911388661.5A 2019-12-30 2019-12-30 Method and device for determining wind evaluation strategy and computer storage medium Pending CN111144771A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911388661.5A CN111144771A (en) 2019-12-30 2019-12-30 Method and device for determining wind evaluation strategy and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911388661.5A CN111144771A (en) 2019-12-30 2019-12-30 Method and device for determining wind evaluation strategy and computer storage medium

Publications (1)

Publication Number Publication Date
CN111144771A true CN111144771A (en) 2020-05-12

Family

ID=70521582

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911388661.5A Pending CN111144771A (en) 2019-12-30 2019-12-30 Method and device for determining wind evaluation strategy and computer storage medium

Country Status (1)

Country Link
CN (1) CN111144771A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115277140A (en) * 2022-07-18 2022-11-01 蚂蚁区块链科技(上海)有限公司 Policy configuration and risk identification method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115277140A (en) * 2022-07-18 2022-11-01 蚂蚁区块链科技(上海)有限公司 Policy configuration and risk identification method and device
CN115277140B (en) * 2022-07-18 2024-01-09 蚂蚁区块链科技(上海)有限公司 Policy configuration, risk identification method and device, readable storage medium and computing device

Similar Documents

Publication Publication Date Title
CN109729131B (en) Application request processing method and device and router
CN108776934B (en) Distributed data calculation method and device, computer equipment and readable storage medium
CN109150572B (en) Method, device and computer readable storage medium for realizing alarm association
CN109543891B (en) Method and apparatus for establishing capacity prediction model, and computer-readable storage medium
CN106888106A (en) The extensive detecting system of IT assets in intelligent grid
CN110765024A (en) Simulation test method, simulation test device, electronic equipment and computer-readable storage medium
CN110830234B (en) User traffic distribution method and device
CN106528289B (en) Resource operation processing method and device
CN110784515A (en) Data storage method based on distributed cluster and related equipment thereof
CN112860953A (en) Data importing method, device, equipment and storage medium of graph database
JP5268589B2 (en) Information processing apparatus and information processing apparatus operating method
CN114095567A (en) Data access request processing method and device, computer equipment and medium
CN111047434A (en) Operation record generation method and device, computer equipment and storage medium
CN111144771A (en) Method and device for determining wind evaluation strategy and computer storage medium
CN113821254A (en) Interface data processing method, device, storage medium and equipment
US20210344701A1 (en) System and method for detection promotion
CN111897643A (en) Thread pool configuration system, method, device and storage medium
CN116846768A (en) Display method and device for network topology structure and electronic equipment
US11588678B2 (en) Generating incident response action recommendations using anonymized action implementation data
CN112860496A (en) Fault repair operation recommendation method and device and storage medium
US8561132B2 (en) Access control apparatus, information management apparatus, and access control method
US10757093B1 (en) Identification of runtime credential requirements
CN110391929B (en) Fault-tolerant control method and device and fault-tolerant component
JP7102783B2 (en) System management equipment, system management methods, and programs
CN112291241A (en) Firewall wall opening method, firewall wall opening device and terminal equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200512

WD01 Invention patent application deemed withdrawn after publication